On March 16, WaPo reported that the same employee was arrested in the District and charged with taking videos of women through the windows of their homes. According to the same report, Daniel Rosen’s security clearance had been revoked. Before it was taken down, he indicated on his LinkedIn profile that he was the Director of Counterterrorism Plans, Programs and Policy at the State Department for over six years. As of February 25, the State Department telephone directly lists the Bureau of Counterterrorism’s Director for the Office of Programs and Policy located at 2509 as “vacant.”

Daniel Rosen, 45, pleaded guilty to 11 charges of stalking and voyeurism on Wednesday in the Superior Court of the District of Columbia for incidents that happened between 2012 and 2014. According to law enforcement, he used his cell phone to record women in various stages of undress by aiming his cellular phone through their apartment windows in the areas of Mount Pleasant, the U Street Corridor, and Adams Morgan in Northwest D.C.
[…]
His attorney Bernard Grimm says Rosen is undergoing therapy and showed police the locations after they discovered the videos.

“Beyond shame, talk about a fall from grace here’s a guy who used to work at the State Department has a master’s degree and his life just spiraled out of control,” he said.

Rosen faces up to 11 years or a $11,000 fine when he is sentenced on October 9. Each of the counts of voyeurism and stalking carries a maximum penalty of one year and potential fines. He will be released and under home confinement, which will be very restricted, until his sentencing date.

WaPo citing an assistant U.S. attorney reports that Rosen’s filming stretched over a nearly three-year period, from early 2012 to late 2014, and that “he returned to some women’s homes as many as five times to film videos that, in some cases, lasted minutes.”

His case on soliciting a minor, a separate charge, continues in September.
.

According to the Foreign Affairs Manual, the Act of August 26, 1950 (64 Stat. 476), codified at 5 U.S.C. 7532, “confers upon the Secretary of State the authority, in the Secretary’s absolute discretion, to suspend without pay any civilian officer or employee of the Department (including the Foreign Service of the United States) when deemed necessary in the interest of the national security (see 12 FAM 235.2).”

Section 610 (2)(c)(1) of S.1635 says that in order to promote the efficiency of the Service, the Secretary may suspend a member of the Service without pay when—

(A) the member’s security clearance is suspended; or

(B) there is reasonable cause to believe that the member has committed a crime for which a sentence of imprisonment may be imposed.

The new language indicates suspension without pay (SWOP) whenever the security clearance is suspended for whatever reason. Not just for national security reasons anymore, folks.

The most widely reported FSO with a suspended clearance in recent memory is Peter Van Buren whose TS clearance was suspended for about a year. Under this proposed bill, PVB would not have been assigned to a telework position or paid for the duration of his fight with the State Department. Which means he and others like him would have to quit and find a paying job or starve unless he/she has a savings account that can sustain the investigation for a year or years.

Any FS employee who might dissent or engage in whistleblowing activity, any perceived troublemaker for that matter, can be put on SWOP, and that would be it. An FSO who experienced first hand the suspension of a security clearance put this in very stark terms:

In practical terms they can remove the employee instantly, without telling anyone why until much later, by which time the employee will have resigned unless they can afford to go for months or years without a salary. And once the employee has resigned, the case is closed, the former employee loses their clearance because they resigned, and with it any right to know the reasons for the suspension. If the employee quits, the Department does not have to justify itself to anyone, and if the Department doesn’t have to pay them, 99.9 percent will quit.

We want to look at the numbers of suspension and revocation, unfortunately, this is something that is not publicly available from Diplomatic Security. A source speaking on background put the numbers very low at less than 30 suspensions a year and of those probably less than 5 are revocations. Another source long familiar with this issue guesstimate the number as closer to 70-80 suspension per year, and the number of revocations probably at15-20 per year. We are unable to verify these numbers independently. The higher numbers may be due to greater hiring, as well as to the use of “Scattered Castles,” a computer database that lists all prior security clearance determinations by other agencies which may prompt a suspension and re-investigation of the clearance. But even if we take the higher numbers of 80 suspensions, that is still a small number compared to the total FS workforce.

A source not authorized to speak on this subject told us that the bulk of security clearance suspensions and revocations involve personal behavior issues ranging from alleged sexual misconduct to alcohol abuse, to failure to report on time a relationship that should be reported. Very few security clearance cases involve a matter that is criminal, so very few result in prosecution.

The question then becomes why? Why would Congress want this? And just as important, why does the State Department support this?

The long history of this section of the bill reportedly dates back to Condoleezza Rice’s term at the State Department. It was allegedly intended to create parity between Foreign Service (FS) and Civil Service (CS) employees.

State can indeed put CS employees on SWOP as soon as clearance is suspended, but the rules also gives CS employees appeal rights to the Merit Systems Protection Board (MSPB). We understand that MSPB records and procedures are public and that it is specifically granted authority to review security clearance cases. The FS employees do not have the same protection with the Foreign Service Grievance Board. The final review adjudicative body, the Security Appeals Panel, not part of FSGB, allegedly does not even keep records of its deliberative process or set precedent for future cases. Currently, the rules on the FAM says: “If the individual is represented by counsel or other representative, the representative does not have a right to have access to or to review any material. However, to the extent authorized by the individual and the Department, the representative may review material that the individual has access to pursuant to subsection (b) above if he or she is properly cleared.”

The numbers of suspension/revocation are low but Congress doesn’t have to talk about the numbers. The members can talk about getting rid of bad apples in the government, which is always popular. In doing so, Congress can look tough on security, tough on the State Department and tough on keeping tabs on government money.

This is not a good idea. If only a quarter of all suspensions end in revocation, isn’t the USG throwing money and lives away? In addition to our concern that this could be use by the State Department to shut-up dissenters or potential whistleblowers, we also have the following concerns:

Costs in hiring/training

The USG has a lengthy hiring process for FS employees and typically trains them before sending them to posts overseas. The cost of that investment does not come cheap. Members of the FS also go through language training and spends most of their careers in overseas assignments.The length of time to replace/train/deploy an FS employee is significantly longer than the time to replace a CS employee.

FS family logistics

FS members overseas with suspended clearance are normally sent home to a desk job that does not require a clearance or their expertise. Not all FS members have houses to come home to in the WashDC area. They’ll have to pull kids out of schools, and move their entire household. What happens to them in DC if the employee is without work and without pay under this proposal? A suspension in this case would technically be a firing as the FS employee will be forced to find an alternate job that pays. So what happens when the case is resolved without a revocation, will the employee be able to come back? Since the investigation ends when the employee leaves, there is no win here for the employee.

Prime targets of hostile intel service

FS employees spends most of their career overseas. By virtue of their positions, they are prime targets of any hostile intel service. They can be subject of a security investigation though no fault of their own. This is even more concerning with the OPM hack purportedly conducted by a foreign government. If true that a foreign government now has the personal details of over 20 million security clearance holders, including those in the State Department who used OPM’s e-Qip system, how does one even protect oneself from the potential misuse of that information that can lead to a clearance suspension?

What can you do?

As we have posted earlier, the State Authorization bill was offered as an amendment when the NDAA was debated in the Senate in June but it was not voted on when the NDAA passed on June 18 (That would be H.R. 1735 which passed 215 (71-25) We understand that both chambers are now starting the process to bring the bill to conference in order to resolve differences. The State Authorization bill, we are told, will not be part of those discussions. In order for this to move forward, it will either need to be brought to the floor as a stand alone vote or Corker/Cardin could try again to attach it to another piece of legislation. Given that this is the first authorization bill passed by the SFRC in 5 years, and made it through the committee with bi-partisan support, we suspect that this might not be the end of this bill.

We’re hoping that employees’ fundamental rights and due process do not become casualties particularly in gaining concessions from Congress on the overseas comparability pay (CP) fight. That would be a terrible bargain. Educate your elected representative on the consequences of this section of the bill. See that AFSA is tracking this matter and talking to Congress.

The latest update from “M” on the OPM breach dated July 15, notes that “The State Department never transferred personnel records to the OPM facility. However, if you had other U.S. Government service prior to joining State, you may have had records that were involved.” On the background information breach, it says that “State Department employees’ SF-85 and SF-86 forms (depending on the appointment) were in the OPM system and thus were impacted. However, other background investigation material was not.”

If you have additional questions email DG DIRECT [DGDIRECT@STATE.GOV] or OPM’s new email: cybersecurity@opm.gov

AFSA’s latest update to its membership is dated July 10 and available to read here.

Update: A source on the Hill alerted us that the State Authorization bill was offered as an amendment when the NDAA was debated in the Senate last month but it was not voted on and the NDAA passed on June 18 (That would be H.R. 1735 which passed 215 (71-25) We understand that both chambers are now starting the process to bring the bill to conference in order to resolve differences. The State Authorization bill, we are told, will not be part of those discussions. In order for this to move forward, it will either need to be brought to the floor as a stand alone vote or Corker/Cardin could try again to attach it to another piece of legislation. Given that this is the first authorization bill passed by the SFRC in 5 years, and made it through the committee with bi-partisan support, we suspect that the this is not the end of this bill. We hope to write a follow-up post on the security clearance component of this legislation.— DS

On June 9, 2015, U.S. Senators Bob Corker (R-Tenn.) and Ben Cardin (D-Md.), the chairman and ranking member of the Senate Foreign Relations Committee, applauded the unanimous committee passage of the Fiscal Year 2016 Department of State Operations Authorization and Embassy Security Act. The SFRC statement says that it has been five years since the Senate Foreign Relations Committee passed a State Department Authorization bill and 13 years since one was enacted into law.

“Our committee has a responsibility to ensure limited federal resources for the State Department are used in a cost-effective manner to advance U.S. interests,” said Corker. “This effort takes a modest but important step toward reestablishing oversight of the State Department through an annual authorization, which hasn’t been enacted into law since 2002. In addition to prioritizing security upgrades for U.S. personnel at high threat posts, the legislation lays the groundwork to streamline State Department operations and make them more effective.”

This State Department Authorization bill has been offered as an amendment to the National Defense Authorization Act, which currently is on the Senate floor. It is quite lengthy so we will chop this down in bite sizes.

Below is the part related to the suspension of security clearance. If this bill passes, it means placing a member of the Foreign Service in a temporary status without duties and without pay once a determination to suspend clearance has been made. Diplomats with suspended clearances are typically given desk jobs or telecommuting work that require little or none of their expertise; looks like this bill changes that. The bill does not say what happens (does he/she gets back pay?) if the suspension of clearance does not result in revocation and the employee is reinstated. Or if suspended employees with no work/no pay will be allowed to take temporary jobs while waiting for the resolution of their suspended clearances.

Section 216. Security clearance suspensions

(a)Suspension

Section 610 of the Foreign Service Act of 1980 (22 U.S.C. 4010) is amended—

(1)by striking the section heading and inserting the following:

610.Separation for cause; suspension

; and

(2)by adding at the end the following:

(c)

(1)In order to promote the efficiency of the Service, the Secretary may suspend a member of the Service without pay when—

(A)the member’s security clearance is suspended; or

(B)there is reasonable cause to believe that the member has committed a crime for which a sentence of imprisonment may be imposed.

(2)Any member of the Foreign Service for whom a suspension is proposed under this subsection shall be entitled to—

(A)written notice stating the specific reasons for the proposed suspension;

(B)a reasonable time to respond orally and in writing to the proposed suspension;

(C)representation by an attorney or other representative; and

(D)a final written decision, including the specific reasons for such decision, as soon as practicable.

(3)Any member suspended under this subsection may file a grievance in accordance with the procedures applicable to grievances under chapter 11.

(4)If a grievance is filed under paragraph (3)—

(A)the review by the Foreign Service Grievance Board shall be limited to a determination of whether the provisions of paragraphs (1) and (2) have been fulfilled; and

(B)the Board may not exercise the authority provided under section 1106(8).

(5)In this subsection:

(A)The term reasonable time means—

(i)with respect to a member of the Foreign Service assigned to duty in the United States, 15 days after receiving notice of the proposed suspension; and

(ii)with respect to a member of the Foreign Service assigned to duty outside the United States, 30 days after receiving notice of the proposed suspension.

(B)The terms suspend and suspension mean placing a member of the Foreign Service in a temporary status without duties and pay.

Click on the image below (Thanks C!) to read the memo signed by DNI’s James R. Clapper and OPM Katherine Archuleta (pdf).

One govie told us “there is no process for TS which is all I hire!” Note that the memo says there are “no interim procedures authorized at this time for access to Top Secret, Top Secret SCI, or “Q” level information.”

There’s a sigh for you, too.

Click image to read the memo in pdf format (memo originally posted at govexec)

And when the e-QIP is restored, the wait will continue some more while the process runs its course. Will new hires even get to work by late fall?

One bureau reportedly sent out a note saying, “we are requesting that all tentative job offer notices be temporarily postponed until further guidance is published.” Apparently, “HR and DS are working together to iron out the details of an interim paper-based SF-86 process.”

It took 18 days before I got my OPM notification on the PII breach. Nothing still on the reported background investigation breach. OPM says it will notify those individuals whose BI information may have been compromised “as soon as practicable.” That might not happen until the end of July! The hub who previously worked for State and another agency has yet to get a single notification from OPM. We have gone ahead and put a fraud alert for everyone in the family. What’s next? At the rate this is going, will we soon need fraud alerts for the pets in our household? They have names and passports, and could be targeted for kidnapping, you guys!!

And yes, I’ve watched the multiple OPM hearings now, and no, I could not generate confidence for the OPM people handling this, no matter how hard I try. Click here for the timeline of the various breaches via nextgov.com, some never disclosed to the public.

Still waiting for the White House to do a Tina Fey:

via giphy.com

On June 25, the Under Secretary for Management, Patrick Kennedy sent a message to State Department employees regarding the OPM breach. There’s nothing new on this latest State update that we have not seen or heard previously except the detail from the National Counterintelligence and Security Center (NCSC) at http://www.ncsc.gov (pdf) on how to protect personal information from exploitation (a tad late for that, but anyways …) because Foreign Intelligence Services and/or cybercriminals could exploit the information and target you.

Here is M’s message from June 25, 2015 to State employees. As far as we know, this is the first notification posted publicly online on this subject, which is good as these incidents potentially affect not just current employees but prospective employees, former employees, retirees and family members.

Dear Colleagues,

I am writing to provide you an update on the recent cyber incidents at the U.S. Office of Personnel Management (OPM) which has just been received.

As we have recently shared, on June 4th, OPM announced an intrusion impacting personnel information of approximately four million current and former Federal employees. OPM is offering affected individuals credit monitoring services and identity theft insurance with CSID, a company that specializes in identity theft protection and fraud resolution. Additional information is available on the company’s website, https://www.csid.com/opm/ and by calling toll-free 844-777-2743 (international callers: call collect 512-327-0705). More information can also be found on OPM’s website: www.opm.gov.

Notifications to individuals affected by this incident began on June 8th on a rolling basis through June 19th. However, it may take several days beyond June 19 for a notification to arrive by email or mail. If you have any questions about whether you were among those affected by the incident announced on June 4, you may call the toll free number above.

On June 12th, OPM announced a separate cyber intrusion affecting systems that contain information related to background investigations of current, former, and prospective Federal Government employees from across all branches of government, as well as other individuals for whom a Federal background investigation was conducted, including contractors. This incident remains under investigation by OPM, the Department of Homeland Security (DHS), and the Federal Bureau of Investigation (FBI). The investigators are working to determine the exact number and list of potentially affected individuals. We understand that many of you are concerned about this intrusion. As this is an ongoing investigation, please know that OPM is working to notify potentially affected individuals as soon as possible. The Department is working extensively with our interagency colleagues to determine the specific impact on State Department employees.

It is an important reminder that OPM discovered this incident as a result of the agency’s concerted and aggressive efforts to strengthen its cybersecurity capabilities and protect the security and integrity of the information entrusted to the agency. In addition, OPM continues to work with the Office of Management and Budget (OMB), the Department of Homeland Security, the FBI, and other elements of the Federal Government to enhance the security of its systems and to detect and thwart evolving and persistent cyber threats. As a result of the work by the interagency incident response team, we have confidence in the integrity of the OPM systems and continue to use them in the performance of OPM’s mission. OPM continues to process background investigations and carry out other functions on its networks.

Additionally, OMB has instructed Federal agencies to immediately take a number of steps to further protect Federal information and assets and improve the resilience of Federal networks. We are working with OMB to ensure we are enforcing the latest standards and tools to protect the security and interests of the State Department workforce.

We will continue to update you as we learn more about the cyber incidents at OPM. OPM is the definitive source for information on the recent cyber incidents. Please visit OPM’s website for regular updates on both incidents and for answers to frequently asked questions: www.opm.gov/cybersecurity. We are also interested in your feedback and questions on the incident and our communications. You can reach out to us at DG DIRECT (DGDirect@state.gov) with these comments.

State Department employees who want to learn additional information about the measures they can take to ensure the safety of their personal information can find resources at the National Counterintelligence and Security Center (NCSC) at http://www.ncsc.gov. The following are also some key reminders of the seriousness of cyber threats and of the importance of vigilance in protecting our systems and data.

Request a free credit report at www.AnnualCreditReport.com or by calling 1-877-322-8228. Consumers are entitled by law to one free credit report per year from each of the three major credit bureaus – Equifax®, Experian®, and TransUnion® – for a total of three reports every year. Contact information for the credit bureaus can be found on the Federal Trade Commission (FTC) website, www.ftc.gov.

You may place a fraud alert on your credit file to let creditors know to contact you before opening a new account in your name. Simply call TransUnion® at 1-800-680-7289 to place this alert. TransUnion® will then notify the other two credit bureaus on your behalf.

Mr. Kelly told ZDNet, “In particular, the bill will update government background checks to include an applicants’ publicly available electronic data including social media accounts such as Facebook and Twitter.” This bill was introduced on September 16, 2014, in a previous session of Congress, but was not enacted.

Well, the bill may have died but it was only a matter of time before social media content becomes part of the federal background investigation.

The Federal Investigative Services (OPM-FIS) provides investigative products and services for over 100 Federal agencies to use as the basis for suitability and security clearance determinations. OPM provides over 90% of the Government’s background investigations, conducting over two million investigations a year.

On June 17, the Office of Personnel Management, Federal Investigative Service (FIS), PIC Acquisitions Team, published a “Notice of Intent to Sole Source – PAEI Reports” to Social Intelligence, a company headquartered in California. Social media content is now officially called Publicly Available Electronic Information (PAEI). If we’re reading this correctly, it looks like there already are pilot projects with the same company conducted with the U.S. Army, the Office of Director of National Intelligence (ODNI), the Department of State and the National Reconnaissance Office.

Below is the published notice via fedbiz:

It is the intention of the agency to award a firm-fixed price agreement to Social Intelligence for publicly available electronic information (PAEI) reports. This is not a solicitation for quotations, but rather a notice of the agency’s intent to make a sole source award to Social Intelligence.

The U.S. Office of Personnel Management (OPM) Federal Investigative Services (FIS) seeks to award a firm-fixed price agreement to Social Intelligence who will conduct searches of multiple sources of PAEI in an automated manner and provide complete, accurate, standardized reports to OPM-FIS when searches result in information pertinent to Subjects of Investigation.

OPM-FIS is participating in a set of pilot projects with other federal investigative service providers to evaluate the use of PAEI in the background investigative process. This acquisition will provide 400 PAEI reports over a period of approximately 6-9 months for a sample population of investigations to assess the OPM-FIS operational end-to-end process and relevancy to the investigation along with the effects of quality, costs and timeliness. The vendor must also provide high level training on how to review and analyze the PAEI reports and also provide customer and technical support 24×7 until 400 PAEI reports have been provided to OPM-FIS.

Social Intelligence is the only source that possesses knowledge and expertise obtained through participation in other high level government PAEI pilot projects, to include pilots with the U.S. Army, the Office of Director of National Intelligence (ODNI), the Department of State and the National Reconnaissance Office. Social Intelligence is the only one available whose product will result in a consistent and accurate comparative analysis between results of the OPM-FIS pilot and other government agencies’ pilots. This vendor’s personnel have experience with and have received training on the personnel security process and the thirteen adjudicative guidelines due to participation in previous government pilots. Such experience is required in order to appropriately identify issues containing relevant adjudicative information. Only data that meets the adjudicative guidelines will be collected and retained by OPM-FIS.

This vendor was deemed a consumer reporting agency (CRA) by the Federal Trade Commission, as defined by the Fair Credit Reporting Act. As of January 2013, the vendor was the only social media background screening company designated as a CRA. This designation is important as the FTC has ruled that CRAs must take reasonable steps to ensure the maximum possible accuracy of the information reported from social media sites. All of the above make Social Intelligence a unique source that would provide the best solution with the least risk to the government for this pilot.

According to its website, Social Intelligence (http://www.socialintel.com) “provides social media data, tools, and reports to commercial and Government organizations. Headquartered in Santa Barbara, Calif., the company has developed a unique suite of products including employment background screenings, insurance claims investigations, corporate due diligence, and Government services. … Social Intelligence was created to provide companies and governmentalorganizations publicly available online information, while ensuring this data is used appropriately and legally.” It provides the following services:

Social Intelligence’s Social Monitoring & Evaluation solutions provide a powerful and cost-effective way to monitor and evaluate an individual’s ongoing online activity across the deep web.

Social Intelligence’s groundbreaking research into online identity science and its implications allows companies to confidently rely on social media and internet data. A fully automated capability, Social Intelligence’s proven, proprietary Identity Resolution algorithm identifies, matches, and scores aggregated publicly available online information, the first of multiple steps to solidify data veracity.

On it’s website, the company talks about “the opportunity at hand” — apparently 64 million people are unscorable by traditional credit scores and 55% of millennials are willing to share their data in exchange for discounts.

OPM, in the FAQ section of the CSID website, declares that our family members were “not affected by this breach. The only data potentially exposed as a result of this incident is your personal data.” Thus, our family members cannot use the credit monitoring and identity theft protection services. But wait. My spouse’s name, date of birth, place of birth, passport number, and social security number were listed in my SF-86. And my SF-86 has been compromised. So hasn’t my spouse been “affected” by this breach, too?

So far no one has been fired, no one has accepted responsibility for the breach, and the OPM notification letter says, “Nothing in this letter should be construed as OPM or the U.S. Government accepting liability for any of the matters covered by this letter or for any other purpose.”

AFSA has now issued a notice to its membership on the OPM data breach. Below is an excerpt:

On Thursday June 4, the Office of Personnel Management (OPM) became aware of a cybersecurity incident affecting its systems and data. AFSA subsequently learned that the Personally Identifiable Information (PII) of many current and former federal employees at the foreign affairs agencies have been exposed as a result of this breach.

The most current information provided to AFSA indicates the following: Most current, former and prospective federal employees at ALLforeign affairs agencies have been affected by this breach. That includes the State Department, USAID, FCS, FAS, BBG and APHIS. OPM discovered a new breach late last week which indicates that any current, former or prospective employee for whom a background investigation has been conducted is affected.

In the coming weeks, OPM will be sending notifications to individuals whose PII was potentially compromised in this incident. The email will come from opmcio@csid.comand it will contain information regarding credit monitoring and identity theft protection services being provided to those federal employees impacted by the data breach. In the event OPM does not have an email address for the individual on file, a standard letter will be sent via the U.S. Postal Service. All the foreign affairs agencies suggest that those affected should contact the firm listed below. Members of the Foreign Commercial Service may additionally contact Commerce’s Office of Information Security at informationsecurity@doc.gov.

As a note of caution, confirm that the email you receive is, in fact, the official notification. It’s possible that malicious groups may leverage this event to launch phishing attacks. To protect yourself, we encourage you to check the following:

The email is sent exclusively to your work email address. No other individuals should be in the To, CC, or BCC fields.

The email subject should be exactly “Important Message from the U.S. Office of Personnel Management CIO”.

Do not click on the included link. Instead, record the provided PIN code, open a web browser, manually type the URL http://www.csid.com/opm into the address bar and press enter. You can then use the provided instructions to enroll using CSID’s Web portal.

The email should not contain any attachments. If it does, do not open them.

The email should not contain any requests for additional personal information.

The official email should look like the sample screenshot below.

image via afsa.org

Additional information has been made available on the company’s website, www.csid.com/opm, and by calling toll-free 844-777-2743 (International callers: call collect 512-327-0705).

Agency-Specific Points of Contact:

If you have additional questions, contact AFSA’s constituency vice presidents and representatives:

Of course, the security freeze does not solve the problem if the intent here goes beyond stealing USG employees’ identities. If the hackers were after the sensitive information contained in the background investigations, for use at any time in the future, not sure that a credit freeze, credit monitoring and/or ID thief protection can do anything to protect our federal employees.

Security clearance investigations, by their very nature, expose people’s darkest secrets — the things a foreign government might use to blackmail or compromise them such as drug and alcohol abuse, legal and financial troubles and romantic entanglements. (via)

I understand why the USG has to show that it is doing something to address the breach but — if a foreign government, as suspected, now has those SF-86s, how can people protect themselves from being compromised? If this is not about compromising credit, or identities of USG employees but about secrets, credit monitoring and/or ID thief protection for $20 Million will be an expensive but useless response, wouldn’t it?